analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
download:

VptUrP6uV3sX01N78aPWEw

Full analysis: https://app.any.run/tasks/d89e6c6e-49bd-4930-af28-4f4ada02b2dd
Verdict: Malicious activity
Analysis date: March 30, 2020, 15:45:12
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/html
File info: HTML document, UTF-8 Unicode text, with very long lines
MD5:

F0EA9CEC3A6FAD143B3A61F3F6668E1D

SHA1:

97970D7AB16592066576C34A53EC109E35CCFB22

SHA256:

9C6438FE5E6417A9D706678788212776FAA17179B4EFFD712B0684F579A01B00

SSDEEP:

768:YpDRn7BRGlv1cmcx57hsGa0PZWHGDlm27JZmIwvk5Twhy3y0kqYuBz9w7WPE:y/5xYyZ/l8ZcBGGJkqh1z8

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Application launched itself

      • iexplore.exe (PID: 1740)
      • iexplore.exe (PID: 3260)

    • Reads internet explorer settings

      • iexplore.exe (PID: 3260)
      • iexplore.exe (PID: 3848)

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 1740)
      • iexplore.exe (PID: 3888)

    • Changes internet zones settings

      • iexplore.exe (PID: 1740)

    • Reads settings of System Certificates

      • iexplore.exe (PID: 3260)
      • iexplore.exe (PID: 1740)
      • iexplore.exe (PID: 3848)

    • Changes settings of System certificates

      • iexplore.exe (PID: 3260)
      • iexplore.exe (PID: 3848)
      • iexplore.exe (PID: 1740)

    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 3260)
      • iexplore.exe (PID: 3848)
      • iexplore.exe (PID: 1740)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.htm/html | HyperText Markup Language with DOCTYPE (80.6)
.html | HyperText Markup Language (19.3)

EXIF

HTML

Description: Acclaim is an enterprise-class Open Badge platform with one goal: connect individuals with better jobs. We partner with academic institutions, credentialing organizations and professional associations to translate learning outcomes into web-enabled credentials that are seamlessly validated, managed and shared through Acclaim.
Keywords: Acclaim, open badges, digital badges, badges, web-enabled credentials, Badge Alliance, Mozilla Open Badge standards, Mozilla Open Badges, verified credentials, learning outcomes, Credly badges, Credly
viewport: width=device-width
msvalidate01: 1B97012E4CB3B07611090D1A0B4D9D19
googleSiteVerification: d20lZjrSJJ_n0jc1HHlADZBDmn5wZfiBDucFzzOzHCY
csrfParam: authenticity_token
csrfToken: rHZpAIg6MjS0rJivipQIjM1Y0NMiL/cUsDZRe96wPM5f5ZBsh0sKGO0T0nuLNOGrQQ7Y20jD2rrJL5gh9z+z/w==
Title: Acclaim
No data.
screenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
38
Monitored processes
4
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe iexplore.exe iexplore.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1740"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\VptUrP6uV3sX01N78aPWEw.htmC:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
3260"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1740 CREDAT:144385 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
3848"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1740 CREDAT:340997 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
3888"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1740 CREDAT:464129 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exeiexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Total events
12 156
Read events
773
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
33
Text files
4
Unknown types
14

Dropped files

PID
Process
Filename
Type
1740iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
3260iexplore.exeC:\Users\admin\AppData\Local\Temp\CabA188.tmp
MD5:
SHA256:
3260iexplore.exeC:\Users\admin\AppData\Local\Temp\TarA189.tmp
MD5:
SHA256:
3848iexplore.exeC:\Users\admin\AppData\Local\Temp\CabDB64.tmp
MD5:
SHA256:
3848iexplore.exeC:\Users\admin\AppData\Local\Temp\CabDB75.tmp
MD5:
SHA256:
3260iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12der
MD5:E20975B58423B6C66BDB4F2B89EF4B25
SHA256:C8A3F4994CA745832F6A9FC78D35E06719C5975BBB1F45995629C0098AA274CE
3260iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_CBB16B7A61CE4E298043181730D3CE9Bbinary
MD5:758DA1DF2CE36199AA2D7304237E043B
SHA256:B0AE343EA2D3A9F0743B8F1BF43B8A59C6B5D8968C4392E1AE8BC5BF85BF33DD
3848iexplore.exeC:\Users\admin\AppData\Local\Temp\TarDB77.tmp
MD5:
SHA256:
3848iexplore.exeC:\Users\admin\AppData\Local\Temp\TarDB76.tmp
MD5:
SHA256:
3260iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verE346.tmp
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
18
TCP/UDP connections
40
DNS requests
17
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3260
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAilokbNS1yMg9cCtLurU0k%3D
US
der
471 b
whitelisted
3260
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAilokbNS1yMg9cCtLurU0k%3D
US
der
471 b
whitelisted
3260
iexplore.exe
GET
200
151.139.128.14:80
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEBN9U5yqfDGppDNwGWiEeo0%3D
US
der
727 b
whitelisted
3260
iexplore.exe
GET
200
93.184.220.29:80
http://status.rapidssl.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRhhZrQET0hvbSHUJmNfBKqR%2FiT7wQUU8oXWfxrwAMhLxqu5KqoHIJW2nUCEAoboohhgO%2FnuLQ9gK75gkQ%3D
US
der
471 b
shared
3260
iexplore.exe
GET
200
151.139.128.14:80
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEBN9U5yqfDGppDNwGWiEeo0%3D
US
der
727 b
whitelisted
3260
iexplore.exe
GET
200
151.139.128.14:80
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEBN9U5yqfDGppDNwGWiEeo0%3D
US
der
727 b
whitelisted
3260
iexplore.exe
GET
200
151.139.128.14:80
http://ocsp.sectigo.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBQh80WaEMqmyEvaHjlisSfVM4p8SAQUF9nWJSdn%2BTHCSUPZMDZEjGypT%2BsCEQDoDLmrMzRwB6RfKO0iRdRf
US
der
472 b
whitelisted
3260
iexplore.exe
GET
200
151.139.128.14:80
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEBPqKHBb9OztDDZjCYBhQzY%3D
US
der
471 b
whitelisted
3260
iexplore.exe
GET
200
151.139.128.14:80
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEBPqKHBb9OztDDZjCYBhQzY%3D
US
der
471 b
whitelisted
3260
iexplore.exe
GET
200
151.139.128.14:80
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEBPqKHBb9OztDDZjCYBhQzY%3D
US
der
471 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3260
iexplore.exe
94.31.29.32:443
cdn.trackjs.com
netDNA
GB
suspicious
4
System
172.217.16.138:445
fonts.googleapis.com
Google Inc.
US
whitelisted
4
System
172.217.16.138:139
fonts.googleapis.com
Google Inc.
US
whitelisted
1740
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
3848
iexplore.exe
94.31.29.32:443
cdn.trackjs.com
netDNA
GB
suspicious
3848
iexplore.exe
99.86.7.22:443
cdn.youracclaim.com
AT&T Services, Inc.
US
suspicious
3260
iexplore.exe
99.86.7.22:443
cdn.youracclaim.com
AT&T Services, Inc.
US
suspicious
3260
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
3260
iexplore.exe
151.139.128.14:80
ocsp.usertrust.com
Highwinds Network Group, Inc.
US
suspicious
1740
iexplore.exe
13.107.21.200:80
www.bing.com
Microsoft Corporation
US
whitelisted

DNS requests

Domain
IP
Reputation
cdn.trackjs.com
  • 94.31.29.32
whitelisted
fonts.googleapis.com
  • 172.217.16.138
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted
status.rapidssl.com
  • 93.184.220.29
shared
cdn.youracclaim.com
  • 99.86.7.22
  • 99.86.7.79
  • 99.86.7.83
  • 99.86.7.115
shared
ocsp.usertrust.com
  • 151.139.128.14
whitelisted
ocsp.sectigo.com
  • 151.139.128.14
whitelisted
iecvlist.microsoft.com
  • 152.199.19.161
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
VptUrP6uV3sX01N78aPWEw